WebSense Data Loss Prevention System Deployment Guide
Websense Installation and Deployment

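Websense Installation and Deployment
October 25, 2006
Jiang Daoyou (姜道友)

Contents
1. Preface
2. Installation
3. Settings
4. Management
5. Internet Access Log Reports

1. Preface
Recently, viruses have become more and more numerous. Antivirus software cannot remove the virus; it can only quarantine the file and cannot delete the virus from memory, so the virus activates or infects other hosts on the network.
To reduce the chance of computers on the internal network becoming infected, Websense can be used for web filtering to block internal employees from browsing pornography sites, gambling sites, junk-software sites and the like, which effectively reduces the number of infected computers on the internal network.
Note: Websense is of course primarily a web filter (not an antivirus product); its goals are to improve employee productivity, reduce legal liability, and optimize the use of IT resources.
Put plainly, it keeps employees focused on their work and off websites unrelated to work.
However, many infections on the internal network happen while browsing the web. In particular, a user who visits a junk site (such as a pornography or phishing site) may well pick up a trojan or virus. Using Websense to regulate employees' web use and block junk sites reduces the chance of infection and lightens the maintenance burden on the IT department.
Websense's main functions are:
Setting flexible Internet use policies. You can choose options such as Allow, Block, Continue, Quota, Block By Bandwidth, and Block by File Type to manage web access, and filter websites by time of day.
Setting policies based on file type and more than 50 application protocols, including email, file transfer, remote access, streaming media, instant messaging (IM), and peer-to-peer file sharing (P2P).
Allowing the enterprise to set policies based on users/groups defined in Microsoft Windows Active Directory, Sun Java System Directory Server, and Novell eDirectory accessed through Lightweight Directory Access Protocol (LDAP), or based on users/groups defined in RADIUS or even Citrix environments.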
Installation and Deployment Guide

3.1 SQL Server 2005
3.1.1 SQL Server 2005 installation
3.1.2 SQL Server 2005 uninstallation
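Notes on "Web Security Attack and Defense: A Practical Guide to Penetration Testing"

Reading notes on "Web Security Attack and Defense: A Practical Guide to Penetration Testing"

Contents
I. Fundamentals
  1.1 Overview of Web security
    1.1.1 Definition of Web security
    1.1.2 Importance of Web security
  1.2 Overview of penetration testing
    1.2.1 Definition of penetration testing
    1.2.2 Purpose of penetration testing
    1.2.3 Penetration testing process
II. Techniques
  2.1 Web application security testing
    2.1.1 SQL injection attacks
    2.1.2 Cross-site scripting attacks
    2.1.3 File upload vulnerabilities
  2.2 Operating system security testing
    2.2.1 Operating system version vulnerabilities
    2.2.2 Operating system permission settings
  2.3 Network security testing
    2.3.1 Network port scanning
    2.3.2 Network service identification
III. Tools
  3.1 Introduction to penetration testing tools
  3.2 Tool usage methods and techniques
    3.2.1 Kali Linux installation and configuration
    3.2.2 Getting started with Metasploit
    3.2.3 Wireshark usage tips
IV. Practice
  4.1 Enterprise website penetration testing case
    4.1.1 Vulnerability discovery and exploitation
    4.1.2 Backdoor implantation and persistence
    4.1.3 Privilege escalation and lateral movement
  4.2 Website security hardening recommendations
    4.2.1 Parameterized queries or stored-procedure restrictions
    4.2.2 Error message handling
    4.2.3 Input validation and filtering
V. Laws and Policy
  5.1 National cybersecurity regulations
    5.1.1 Cybersecurity Law of the People's Republic of China
    5.1.2 Interpretation of related regulations
  5.2 Enterprise security policies and standards
    5.2.1 Enterprise information security policy
    5.2.2 Security operating procedures
VI. Conclusion
  6.1 Summary of what was learned
  6.2 Suggestions for further study

I. Fundamentals
Before exploring Web security attack and defense in depth, we need to understand some basics.
Web security is the process of protecting Web applications from unauthorized access, tampering, or disclosure.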
Symantec Data Loss Prevention (DLP) Software, Chinese-Language PPT

Other 22%
Symantec 30%
McAfee 10%
Trend Micro 4%
Verdasys 5%
Vericept 7%
RSA/EMC 7%
CA 9%
Source: Brian Burke of IDC, August 14, 2009 (PRELIMINARY)
Instant Message
Laptops
FTP
File Servers
SharePoint / Lotus Notes / Exchange
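Web servers
Databases
Thank you!
Intellectual property, core competitiveness
Key customer data; bid and tender documents; strategic plans and marketing plans; consulting reports and design documents
Company secrets, reputation
Interim and annual reports; CEO email and meeting minutes; budgets and procurement plans; financing and investment plans
• Organizations must be especially careful about unemployment, job-hopping and similar behavior, and ensure that a data loss prevention solution has been deployed on the information systems that departing employees had access to. Moreover, disgruntled employees may take data with them or gather intelligence for competitors.
3 X the market share of McAfee
4.3 X the market share of RSA/EMC
15 X the market share of Websense
Typical DLP success cases in China
Liaoning Mobile, Jilin Mobile, Henan Mobile, Gansu Mobile, Sichuan Mobile, Guangdong Mobile, Qinghai Mobile, Fujian Mobile
Introduction to the Symantec DLP Solution
Symantec can help you…
Where is the confidential information located?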
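Websense's Leadership Position in the Data Loss Prevention (DLP) Market Recognized by Authoritative Research Firms

China New Telecommunications (中国新通信)

Citrix Appoints Asia-Pacific Senior Director to Advance Channel Alliance and Partner Strategy
Citrix Systems recently announced the appointment of Andrew Susa as Senior Director of Partners for Asia Pacific. Susa will be responsible for building strategic partnerships across Asia Pacific and for developing the partner ecosystem.
Susa has more than 20 years of experience in the IT field and has held important regional and global leadership positions in channel, sales, and marketing. Before joining Citrix, Andrew served at VMware as
reporting, and will be dedicated to developing and managing strategic partner relationships in Asia Pacific, including distributors, channel resellers, system integrators, outsourcing providers,
solutions let end users at millions of enterprises worldwide easily access their data center
growth opportunities. In addition, we will also provide suitable tools and resources, jointly

the goals of informatization, especially progress in education and social development, we still have a long way to go."
has operated in Laos for many years and is one of the main partners of the Lao government and telecom operators.
sustainable growth of the national economy.
Mr. 韦华恩 said: "Laos has rich mineral and hydropower resources, which is very beneficial to the development of the national economy, but it is not comprehensive. Just as standing on one leg for too long is tiring, a country must also emphasize balanced development.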
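Websense Web Security Solution

* Websense Security Labs threat report, July 2008
System Requirements
Web Security Gateway
Websense Content Gateway: Red Hat Enterprise Linux 4, update 5
Websense Web Security: Red Hat Enterprise Linux 4, update 5; Microsoft Windows Server 2003 Standard or Enterprise Edition, including SP1; Microsoft Windows 2000 including SP3, or higher
"Websense prevented attacks against our network, potentially preventing the theft of confidential data and patient data."
Central Coast Community Healthcare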
Network Applications & Data
Hosted Security User Generated Applications
The Dynamic Web
The Known Web
The Unknown Web
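Analyzes more than 40 million websites every hour
Assigns reputation scores to more than 2 million domains, networks, IP addresses, and hosts every hour
Scans nearly 10 million emails every hour for unwanted content and malicious code
Captures more than 10 million unsolicited spam, phishing, and attack campaigns every day
"The Websense ThreatSeeker Network is the best set of security classification and detection technologies we have found on the market." Beth Cannon,
Thomas Weisel Partners, investment bank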
Web-based Mashup
Local Applications & Data
Hosted Applications & Data User Generated Content
Web Security Products
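Product Description: Topsec Web Application Security Protection System

Topsec Web Application Security Protection System TopWAF
Product Description
Topsec (天融信) TOPSEC®
Huakong Building, No. 1 Shangdi East Road, Haidian District, 100085
Tel: +86  Fax: +87
Service hotline: +8610-400-610-5119, +8610-800-810-5119
http://

Statement
All content of this manual belongs to Topsec Corporation (hereinafter "Topsec"). Without Topsec's permission, no one may imitate, copy, translate, or arbitrarily quote it.
This manual carries no warranty of any kind, position, or other implication.
Topsec and its employees accept no liability for any direct or indirect loss of data or loss of profit arising from this manual or any information it mentions.
The product specifications and information mentioned in this manual are for reference only; the content may be updated at any time, and Topsec assumes no obligation to give separate notice.
All rights reserved; reproduction prohibited. © 1995-2012 Topsec Corporation

Trademark statement
Product names mentioned in this manual are used for identification only.
Registered trademarks of other companies mentioned in the manual belong to their respective registrants and are not listed individually.
TOPSEC® Topsec Corporation
Feedback

Contents
1. Product overview
2. Main product features
  2.1 Advanced design philosophy
    2.1.1 The "three highs" design philosophy
    2.1.2 "One-stop" solution
    2.1.3 The core principle of "improving fault-free running time"
  2.2 Unique core technologies
    2.2.1 Stable, efficient, secure system kernel
    2.2.2 Leading multi-dimensional protection system
    2.2.3 "Proactive" application security hardening technology
  2.3 Rich data presentation
    2.3.1 Decision-support data from multiple angles
    2.3.2 Data display from multiple role perspectives
    2.3.3 Clear and detailed periodic reports
3. Product functions
  3.1 Core product functions
    3.1.1 Web application threat defense
    3.1.2 Web page tamper protection
    3.1.3 Denial-of-service attack protection
    3.1.4 Web application vulnerability scanning
    3.1.5 Web application acceleration
    3.1.6 Business intelligence analysis
  3.2 Product function list
4. Product deployment
  4.1 Transparent inline deployment
  4.2 Reverse proxy deployment
  4.3 One-arm deployment
5. Product specifications
6. Product qualifications
7. Special statement

1. Product overview
The Topsec Web Application Security Protection System (hereinafter TopWAF) is a professional-grade network security product for Web threat protection, developed by Topsec in response to the current Internet security situation and after years of accumulated technical experience.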
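Websense Anti-Spam Gateway Installation Manual

Websense Anti-Spam Security Gateway Commissioning Document

Contents
1. Installing the mail security gateway software
2. Basic gateway configuration
3. Upgrade
4. Registering the license
5. New anti-spam gateway configuration
6. Test operations

1. Installing the mail security gateway software
First connect a monitor and keyboard to the mail gateway. After starting the machine, insert the installation disc into the optical drive on the front panel and restart the system.
When the screen shown below appears, type linux after the boot: prompt and press Enter; the system completes the installation automatically.
Figure 1-1
The whole installation takes about 15-20 minutes. When it finishes, the optical drive ejects automatically.

2. Basic gateway configuration
This step sets the anti-spam gateway's IP address, gateway address, DNS, region, and so on.
After the initial installation, the anti-spam gateway's user name/password are rfmngr/$rfmngr$.
After logging in to the system, complete the basic configuration as follows:
In IE, from the internal network, enter https://IP:10000/ to reach the RiskFilter management page. The default user name and password are the user name rfmngr and its password as set above.
In IE, from the internal network, enter https://IP/admin to reach the administrator page. The default user name and password are administrator/admin, which can be changed in the RiskFilter management page.

3. Upgrade
The version after installation is 6.3; upgrade it to the latest version, 6.3.1.
1. In the browser address bar, enter https://IP:10000, where IP is the anti-spam gateway's IP address.
Enter the user name rfmngr and its password (default $rfmngr$) to log in to the RiskFilter management page.
2. Click "Webmin->Webmin Configuration->Language" to change Webmin's default language, then select Simplified Chinese as the language.
3. Click "RiskFilter"->"Websense RiskFilter升级" (Websense RiskFilter Upgrade).
4. On the upgrade page, select the items to update, Websense RiskFilter and Websense OS, and click "开始更新" (Start Update). After the update succeeds, "Websense RiskFilter-当前版本" (current version) in the figure above changes to 6.3.1 and "Websense OS-当前版本" changes to 6.0. Click "Websense RiskFilter" or "Websense OS" to view the upgrade process.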
Deployment Guide
Websense® TRITON® AP-DATA Gateway and Discover
v8.0.x

©1996–2014, Websense, Inc. All rights reserved.
10900 Stonelake Blvd, 3rd Floor, Austin, TX 78759, USA
Published December 2014
Printed in the United States and Ireland

The products and/or methods of use described in this document are covered by U.S. Patent Numbers 5,983,270; 6,606,659; 6,947,985; 7,185,015; 7,194,464 and RE40,187 and other patents pending.

This document may not, in whole or in part, be copied, photocopied, reproduced, translated, or reduced to any electronic medium or machine-readable form without prior consent in writing from Websense, Inc.

Every effort has been made to ensure the accuracy of this manual. However, Websense, Inc., makes no warranties with respect to this documentation and disclaims any implied warranties of merchantability and fitness for a particular purpose. Websense, Inc., shall not be liable for any error or for incidental or consequential damages in connection with the furnishing, performance, or use of this manual or the examples herein. The information in this documentation is subject to change without notice.

Contents

Topic 1 Overview
  Deployment
Topic 2 Planning TRITON AP-DATA Deployment
  Deciding what data to protect
    Geographical
    Industry
    Sector
    General
  Determining where your confidential data resides
    Corporate file servers and shared drives
    In-house databases
  Determining your information flow
  Defining the business owners for the data
  Deciding who will manage incidents
  Planning access control
  Analyzing network structure
    Structural guidelines
  Planning network resources
    Allocating disk space
    Modifying the disk space setting
    Distributing resources
  Most common deployments
    TRITON AP-WEB
    TRITON AP-EMAIL
    TRITON AP-DATA Gateway
    TRITON AP-ENDPOINT DLP
    TRITON AP-DATA Discover
  Planning a phased approach
    Phase 1: Monitoring
    Phase 2: Monitoring with notifications
    Phase 3: Policy tuning
    Phase 4: Enforcing
    Phase 5: Discovery
    Phase 6: Endpoint deployments
Topic 3 Integrating with Existing Infrastructure
  Working with existing email infrastructure
  Working with Web proxies
    Blue Coat Web proxy
    Squid open source Web proxy
    ICAP server error and response codes
  Working with shared drives
    Performing discovery on Novell file systems
    Performing discovery on Windows NFS shares
  Working with user directory servers
    Configuring user directory server settings
    Importing user data
    Rearranging servers
  Working with Exchange servers
  Working with IBM Domino and Notes
Topic 4 Scaling TRITON AP-DATA
  When does your system need to grow?
  Adding modules to your deployment
    Value of additional policy engines

1 Overview

Websense® TRITON® AP-DATA is a comprehensive data loss prevention (DLP) system that discovers, monitors, and protects your critical information holdings, whether that data is stored on your servers, currently in use or located in off-network endpoints. The system protects against data loss by quickly analyzing data and enforcing customized policies automatically, whether users are on the network or offline. Administrators manage who can send what information, where, and how. The system can also work with TRITON AP-WEB, TRITON AP-EMAIL, and TRITON AP-ENDPOINT to protect the whole of your enterprise.

The basic components of TRITON AP-DATA are:
◆ TRITON management server
◆ Optional TRITON AP-DATA servers
◆ The protector
◆ Agents
◆ Endpoints

The management server is the core of the system, providing complete data loss prevention analysis to the network. It gathers and stores all management statistics. For load balancing purposes, analysis can be shared among a number of TRITON AP-DATA servers. The protector can provide added blocking capabilities to the loss-prevention system.

The protector works in tandem with the TRITON management server. The TRITON management server performs discovery (performed by Crawler) and provides advanced analysis capabilities. The protector sits in the network, intercepts and analyzes traffic, and can either monitor or block traffic as needed. The protector supports analysis of SMTP, HTTP, FTP, Generic Text and IM traffic (chat and file transfer). The protector is also an integration point for third-party solutions that support ICAP.
The protector fits into your existing network with minimum configuration and necessitates no network infrastructure changes.

In lieu of the protector, you can combine TRITON AP-DATA with Websense Content Gateway and TRITON AP-EMAIL to block data leaks over the web and email.

TRITON AP-DATA agents are also an integral part of the system. These agents are installed on the relevant servers (the ISA/TMG agent on the Microsoft ISA or TMG server, printer agent on the print server, etc.) to enable the system to access the data necessary to analyze the traffic from these servers. Modules, such as TRITON AP-ENDPOINT DLP, enable administrators to analyze content within a user's working environment (PC, laptop, etc.) and block or monitor policy breaches. The mobile agent can prevent sensitive data from being synchronized from network email systems to mobile devices.

Deployment

A basic deployment might have just one management server and one protector, Content Gateway, or TRITON AP-EMAIL appliance. The protector includes several agents, including SMTP, HTTP, FTP, IM, and ICAP. The Content Gateway provides security for just the web channel. TRITON AP-EMAIL provides security for just the email channel.

The servers are easily configurable to simply monitor or monitor and protect sensitive data. It is ideal for small to medium businesses with a single Internet egress point.

The following illustration is a high-level diagram of a basic deployment of TRITON AP-DATA. Such a deployment is ideal for a smaller- to medium-sized organization with a single Internet egress point. Note that this illustration is intended to show the general distribution of components and does not include network details (such as segmenting, internal firewalls, routing, switching, and so forth).

The following illustration is a high-level diagram of a larger deployment of TRITON AP-DATA.

This shows the extended capabilities of TRITON AP-DATA incorporated into a more complex network environment. It shows an extra TRITON AP-DATA server and several additional agents deployed for businesses with larger transaction volumes and numbers of users. Such a deployment is suited for large organizations with multiple Internet egress points distributed over multiple geographical locations. Very large deployments can have multiple TRITON AP-DATA servers and protectors.

For diagrams of the most common customer deployments, see Most common deployments.

2 Planning TRITON AP-DATA Deployment

Before you begin setting up your TRITON AP-DATA system, it is important to analyze your existing resources and define how security should be implemented to optimally benefit your specific organization. Plan your deployment by:
1. Deciding what data to protect
2. Determining where your confidential data resides
3. Determining your information flow
4. Defining the business owners for the data
5. Deciding who will manage incidents
6. Planning access control
7. Analyzing network structure
8. Planning network resources
9. Planning a phased approach

Deciding what data to protect

What data should you protect?
What are the applicable regulations for your organization?

Answers to these questions depend on the geographical regions in which the organization operates, the industry and sector, whether it is a public company and other particulars of your organization.

Applies to:
◆ TRITON AP-DATA, v8.0.x
In this topic:
◆ Geographical
◆ Industry
◆ Sector
◆ General

Consider the following:

Geographical
◆ Each region may have its own regulations/laws that require protecting various types of sensitive information, such as private, financial, and medical.
◆ Global enterprises may be bound to multiple laws if they have branch offices in different regions. (For example, they may have to abide by different state laws if they have offices in several different states.)

Industry
◆ Each type of industry may have its own laws and regulations. For example:
  ⏹ GLBA for finance
  ⏹ HIPAA for healthcare
◆ If your enterprise develops new technologies, you may want to protect intellectual property and trade secrets (such as designs, software code, drawings, or patent applications).

Sector
◆ Government agencies and organizations that are affiliated with the government are subjected to special requirements and regulations imposed by the government office, such as DIACAP for units and contractors related to the US Department of Defense and FISMA for US federal agencies and their contractors.
◆ For public companies, additional regulations may apply (such as the Sarbanes-Oxley Act in the U.S., or regulations that are published by the regulatory body of the relevant stock markets).

General
◆ Most organizations want to keep their marketing information away from competitors:
  ⏹ Upcoming press releases
  ⏹ Marketing campaigns
  ⏹ Leads
  ⏹ Existing customer data
◆ Many organizations have individualized needs for data protection that might not fall into typical categories, but the system can accommodate them.

The Data Security manager first-time policy wizard assists you in defining your region and industry and it displays the relevant policies, making it easier to select them. Besides predefined policies, you may want to protect specific information, such as:
◆ Designs
◆ Drawings
◆ Marketing materials
◆ Legal documents
◆ Strategic planning documents, such as business plans
◆ Financial and pricing information
◆ All documents marked "Confidential"

Determining where your confidential data resides

Applies to:
◆ TRITON AP-DATA, v8.0.x
In this topic:
◆ Corporate file servers and shared drives
◆ In-house databases

Based on experience from numerous data-loss protection deployments, it's evident that most sensitive company information resides within:
◆ Corporate file servers or shared drives
◆ In-house databases
◆ Personal laptops, workstations and removable media

Corporate file servers and shared drives

There are a few ways to determine where your confidential information is stored:

Ask
◆ Talk to appropriate data owners in your organization and they may point you to relevant locations. This may cover a big part of the information that needs to be protected and is a good start. Your review of locations based on their revelations will undoubtedly reveal other critical data branchings and parallel storage places.

Discover
◆ Use TRITON AP-DATA to classify file servers, shared drives, and endpoints by running it with the relevant predefined policies enabled. This should give you bulk estimations of where data is located in your enterprise.

Combining the results gives you a good idea of the location of your confidential information.

In-house databases

In the case of file servers and shared drives, the best way to understand which databases are critical is:

Ask
◆ Talk to people that manage in-house applications relying on internal databases (such as customer relations, orders processing, and accounting).
◆ Talk to database administrators (DBAs) and find out what are the most accessed databases. The more a database is accessed, the more chances there are for data loss.
Your IT department may also be able to elaborate on discoveries from both instances described above.

Discover
◆ Use TRITON AP-DATA to classify databases by running it with the relevant predefined policies enabled. This should let you know primarily where your vital records are located.

Based on the above information, you can narrow down the most critical database servers, databases and tables to protect.

Determining your information flow

Analyze the flow of information through your enterprise today.
◆ Where is information typically coming from? Internal users? Partners? Vendors?
◆ Where does it need to be sent?
◆ What are all the potential pathways for information?
◆ What processes are in place, if any, to govern data flow?
◆ How many HTTP, SMTP and FTP exits or egress points are there in the organization?

These questions are vital to ensuring that protector(s) are placed appropriately so that nothing escapes analysis.

Defining the business owners for the data

The business owners of information normally come from the departments where the information was created. For example, if you wish to protect marketing materials, the head of marketing is normally the business owner, and should be consulted about deployments. (He/she may delegate the responsibility to other people in his/her department.) Normally, marketing principals—and principals from other departments—would want to get notifications about data losses containing information originating from their department (even and especially if the sender is from a different department).

Deciding who will manage incidents

How should you delegate incident management across your organization?

As in the case of business owners, you should identify who is responsible for data management in various departments. If you are unsure who that person is, you may either consult with the department manager or train one of the employees that you trust from that department.

Once incident managers are identified, you can assign the proper roles and policy category groups to the relevant users through the Data Security manager web user interface.

Planning access control

Standard network installations provide access control (preventing personnel from viewing unauthorized files) by giving each user a login and password, and authorizing each user to view only the network directories required for the user's job function. However, authorized users can still send content they are authorized to use to unauthorized recipients.

TRITON AP-DATA augments access control by providing Information Distribution Management (IDM) capabilities, thereby greatly enhancing the level of information security. TRITON AP-DATA protects digital content from being sent from your company's network to people outside of the company, as well as protecting classified information from being sent to unauthorized users within the local network.

Typically, these user privileges were defined individually, without considering grouping or security clearances for groups of people. Utilizing data security capabilities involves delineating users as belonging to groups or security levels, enabling a more sophisticated, higher level of control over classified data.

Naturally, when considering the policies discussed in this chapter, it is important to consider how these policies are impacted by or impact other content policies in your company.
The Data Security manager software has the flexibility to accommodate the full range of enterprise security needs.

Analyzing network structure

To best employ TRITON AP-DATA, you need to analyze your network structure, determine the location of confidential information, note which documents need to be protected and where they are located, and whether you need to make changes to the network directory structure in order to group documents differently for security purposes.

In most organizations, user rights have been determined and built into the network directory structure, according to your organization's logic. You may conclude that the network configuration is fine as it is, or that the internal network definitions change to some degree due to today's higher security needs.

Any changes you need to implement internally in the directory structure should be implemented with these increased security measures in mind.

Structural guidelines

It is possible to configure the system so that a particular user cannot access a certain document through the network, but can receive the document by email. For example, a manager would not want employees to access documents in his or her personal folder, but would want to be able to send the documents to them by email. It is therefore important that you perform this analysis together with the network administrator, so that your desired changes will be implemented internally in a smooth, logical fashion, as well as within the Websense structure.

Typically, your network directories are organized functionally, according to the different business units in the company. Within this structure, functional groups are usually entitled to look at documents within their business unit.

We recommend that you use this as your process map:
◆ Take a network map of all the directories, and look at how the network access is organized
◆ Determine what types of classified documents you have, and where they are located
◆ Determine whether documents of similar confidentiality are together in similar directories
  ⏹ Organize/group information that is critical to your organization and information whose security is legally mandated. For example, financial institutions may start by considering customer data (such as Social Security numbers or account numbers) and highly confidential business information
  ⏹ Organize/group important proprietary and confidential information with medium or low change-frequency
  ⏹ Arrange all major information assets within your organization so that you understand data locations, relationships and security-value hierarchies

The result of this analysis should be a table corresponding to the directories in the network that need to be protected, indicating what types of users should be able to receive those files and to provide a look at access issues.

You may want to rearrange some areas of your network access, and set the data security accordingly. See below for recommended procedures.

Planning network resources

Applies to:
◆ TRITON AP-DATA, v8.0.x
In this topic:
◆ Allocating disk space
◆ Modifying the disk space setting
◆ Distributing resources

To decide on things like disk space allocation, number of servers, and network distribution, start by answering these questions:
◆ What volume of daily data do you expect in the number of transactions?
◆ What is your user count?
◆ Are you covering geographically distributed offices?
◆ What is your user directory structure (Active Directory, ADAM, Domino) and the IP addresses of the LDAP servers?
◆ Which ports are used and what are the port numbers?

Allocating disk space

Disk space for archiving fingerprint and forensic repositories is allocated by the TRITON AP-DATA by default. The default settings are the nominal values defined by Websense; however, you can modify these values. The tables below indicate the default and maximum disk space for archives, forensics repository and endpoint client incident storage, log file and fingerprint storage.

On the TRITON management server

Type | Description | Default Setting | Max Disk Space
Archive | The disk space of the incident archive folder on a local or external partition. | 50 GB | Remote: No Max. Local: 50 GB (not configurable)
Forensic repository | The disk space of the forensic records stored in the archive folder. | 40 GB | No Max.

On endpoint clients

Type | Description | Default Setting | Max Disk Space
Endpoint client incident storage | The disk space that each endpoint client should allocate for incident storage when the endpoint host is disconnected from the TRITON Management Server. | 100 MB | 100 MB
Endpoint client log file | The disk space of the log file viewed on the endpoint client. | 16 MB | 100 MB
Endpoint client PreciseID fingerprint storage | The disk space that each endpoint client should allocate for storing directory and SharePoint fingerprints. | 50 MB | 1,000 MB

Modifying the disk space setting

Follow the instructions below to modify the default disk-space settings for either archives, endpoint client incident storage, PreciseID fingerprint or forensic repositories.

To modify disk space settings:
1. Access the Data Security manager and choose the Settings tab.
2. Depending on the disk space to modify, do the following:
   a. Archives: Select Settings > Configuration > System > Archive Storage. In the Maximum archive disk space field, modify the value. Only remote archives are configurable.
   b. Forensics repository: Select Settings > Deployment > System Modules. In the list of modules, select the Forensics Repository entry. In the Maximum Disk Space field, set the value.
   c. Endpoint client (incident storage, log file and fingerprint storage): Select Settings > Configuration > System > Endpoint. In the section labeled Disk Space, modify the relevant disk-space value.
3. Click OK. The disk space values are set and changes saved.
4. Click Deploy to deploy your settings.

Distributing resources

TRITON AP-DATA supports multi-site, distributed deployments.
You can have a local policy engine on the Content Gateway module, for example, and distributed (primary and secondary) fingerprint repositories.

You can have a management server in one location and one or more supplemental TRITON AP-DATA servers in other locations.

You can utilize the crawlers on the TRITON AP-DATA servers alone to do your fingerprint and discovery scans, or you can install the crawler agent on additional servers to improve performance.

These are just a few of the possibilities.

Your network architecture and the geographical location of your offices determine how you will want to distribute your resources.

See Most common deployments for distributions our customers commonly use.

Load balancing

In a multi-component system, you can configure load-balancing by selecting Settings > Deployment > System Modules in the Data Security manager and then clicking the Load Balancing button at the top of the screen.

Load balancing enables you to manage how each module sends its data to specified policy engines for analysis. This lets you distribute the load, but more important, it ensures that your vital email and HTTP performance is never harmed. For example, you can designate 1-2 dedicated servers to analyze inline HTTP traffic (where analysis latency is critical) and use another set of servers to analyze other channels.

An agent or a protector service can be analyzed by all listed policy engines or it can be analyzed by specifically selected policy engines. (Note that protector services can be analyzed only by local or Windows-based policy engines.) In addition, you can choose which policy engine analyzes a specific agent or service of the protector.

Note: Websense recommends that you do not distribute the load to the TRITON management server.

The Load Balancing screen shows a list of items where each item represents a protector or agent.

Click each item to define which policy engine it should be analyzed by.

For further information on load balancing, refer to the Data Security Manager Help.

Most common deployments

Applies to:
◆ TRITON AP-DATA, v8.0.x
◆ TRITON AP-WEB, v8.0.x
◆ TRITON AP-EMAIL, v8.0.x
In this topic:
◆ TRITON AP-WEB
◆ TRITON AP-EMAIL
◆ TRITON AP-DATA Gateway
◆ TRITON AP-ENDPOINT DLP
◆ TRITON AP-DATA Discover

TRITON AP-DATA is a flexible system that affords you various, customizable deployment scenarios. Each scenario is based on an organization's practical needs and purposes—of course, individual hardware/software setups vary. Be sure to obtain guidance from your Websense sales representative to assure that the appropriate deployment option is tailored for your organization.